Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
OpenSSH 10.4 Enhances Security with Key Updates

OpenSSH 10.4 Enhances Security with Key Updates

Posted on July 6, 2026 By CWS

OpenSSH 10.4, released on July 6, 2026, introduces a series of critical security improvements and new features. The update is available for download via the official OpenSSH mirrors and aims to enhance the robustness of secure shell communications.

Security Enhancements in OpenSSH 10.4

This latest version addresses numerous vulnerabilities that were found in the core utilities. A significant fix in sftp(1) prevents malicious servers from redirecting files to unintended locations during operations. Similarly, scp(1) now includes corrections to stop unauthorized servers from writing files outside the designated directory during remote transfers.

Additional security repairs were applied to sshd(8) that deal with a bug causing silent data truncation in ‘internal-sftp’, which could compromise security options. Moreover, improvements have been made to enforce authentication delays, resolving issues previously identified by the Orange Cyberdefense Vulnerability Team.

Protocol and Feature Updates

OpenSSH 10.4 also introduces changes that enhance the security framework. For instance, the transport protocol now automatically disconnects peers sending non-KEX messages during key re-exchanges, mitigating potential memory exhaustion attacks. On Linux systems, failures in seccomp sandboxing are now fatal, requiring explicit disabling if kernel support is absent.

Furthermore, the sshd -G configuration mode now outputs in a mixed-case format, which may affect automated scripts. The update also debuts experimental post-quantum signature support combining ML-DSA 44 and Ed25519, although this feature is not activated by default.

Additional Improvements and Bug Fixes

The release includes a new NFA-based wildcard pattern matcher for ssh(1) and sshd(8), which resolves previous performance issues. Numerous bug fixes have been implemented, such as enhanced FIDO token key handling, and improved security in cryptographic operations.

Portability updates ensure synchronization with OpenBSD for specific files and resolve multiple memory leaks. These improvements contribute to the stability and security of the software.

Source packages for OpenSSH 10.4 can be downloaded and verified using provided SHA1 and SHA256 checksums, ensuring their integrity and authenticity.

Cyber Security News Tags:Cryptography, Cybersecurity, IT security, Linux, OpenSSH, post-quantum cryptography, protocol updates, security updates, software release, SSH, vulnerability fixes

Post navigation

Previous Post: Enhancing Risk Management with Business Alignment
Next Post: Critical Gitea Docker Flaw CVE-2026-20896 Under Attack

Related Posts

Threat Actors Weaponizes LNK File to Deploy MoonPeak Malware Attacking Windows Systems Threat Actors Weaponizes LNK File to Deploy MoonPeak Malware Attacking Windows Systems Cyber Security News
AutoJack Exploit Risks AI Agents with Code Execution AutoJack Exploit Risks AI Agents with Code Execution Cyber Security News
State-Backed Hackers Exploit Signal to Target Officials State-Backed Hackers Exploit Signal to Target Officials Cyber Security News
AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload Cyber Security News
New Tool Analyzes LinkedIn Contacts with Epstein Files New Tool Analyzes LinkedIn Contacts with Epstein Files Cyber Security News
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark